OpenSSL Patches High-Severity OCSP Bug & Mitigates SWEET32 Attack

A vulnerability in the OpenSSL implementation of the Online Certificate Status Protocol (OCSP) was patched this week, closing a denial-of-service weakness in affected servers. OCSP is, in many cases, an alternative to Certificate Revocation Lists: a client uses the protocol to ask a server for the status of a digital certificate. The vulnerability, CVE-2016-6304, can be exploited by a malicious client that sends a large OCSP Status Request extension.

Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration; they are affected only if an application explicitly enables OCSP stapling support.

In 1.0.2, an attacker could grow the memory usage on the server by approximately 16k per renegotiation, as the maximum overall ClientHello size is set to 16,384 bytes. In version 1.1.0, where the maximum size of a ClientHello was increased to 131,396 bytes, the memory growth would be near 64k per renegotiation.

Linux and BSD distributors Debian, Ubuntu, Red Hat/CentOS and FreeBSD have also updated their software. Check your package manager for the updated packages and apply them to your systems.

Of the remaining 13 vulnerabilities patched, 12 were rated low severity by OpenSSL. The other was rated moderate severity and could lead to a denial-of-service condition in which SSL or TLS would hang during an SSL_peek() call if an empty record is sent.

OpenSSL also mitigated the SWEET32 vulnerability, CVE-2016-2183. SWEET32 was disclosed in August and affects ciphers with a 64-bit block size, such as Triple-DES (3DES) and Blowfish. It could allow an attacker to recover authentication cookie data from 3DES traffic, and usernames and passwords from OpenVPN traffic, which is secured by Blowfish.
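
To check whether a server's cipher configuration still offers the 64-bit block ciphers that SWEET32 targets, the following added example (not from the original article or from OpenSSL) parses the `Enc=` column of `openssl ciphers -v` output and flags affected suites. The sample listing is constructed, and flagging DES, IDEA and RC2 alongside 3DES goes beyond the ciphers the article names, on the basis that they also use a 64-bit block.

```python
import re
import sys

# Ciphers with a 64-bit block, as labelled in the Enc= column of
# `openssl ciphers -v`. The article names 3DES; DES, IDEA and RC2 are
# added here because they share the 64-bit block size.
BLOCK64 = {"3DES", "DES", "IDEA", "RC2"}

# Matches e.g. Enc=3DES(168), Enc=AESGCM(256), Enc=CHACHA20/POLY1305(256).
ENC_RE = re.compile(r"\bEnc=([A-Za-z0-9/]+)\((\d+)\)")

# Constructed sample in the `openssl ciphers -v` layout (not captured output).
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-DES-CBC3-SHA      SSLv3   Kx=ECDH Au=RSA Enc=3DES(168)   Mac=SHA1
AES128-SHA                  SSLv3   Kx=RSA  Au=RSA Enc=AES(128)    Mac=SHA1
DES-CBC3-SHA                SSLv3   Kx=RSA  Au=RSA Enc=3DES(168)   Mac=SHA1
IDEA-CBC-SHA                SSLv3   Kx=RSA  Au=RSA Enc=IDEA(128)   Mac=SHA1
"""


def audit(listing):
    """Return (suite, cipher, key_bits) for each suite using a 64-bit block cipher."""
    findings = []
    for line in listing.splitlines():
        fields = line.split()
        match = ENC_RE.search(line)
        if not fields or not match:
            continue  # blank line, header, or a NULL-encryption row (Enc=None)
        cipher, bits = match.group(1), int(match.group(2))
        if cipher.upper() in BLOCK64:
            findings.append((fields[0], cipher, bits))
    return findings


if __name__ == "__main__":
    # Pipe real output in (openssl ciphers -v | python3 this_file.py),
    # or run with no pipe to audit the constructed sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for suite, cipher, bits in audit(text):
        print(f"64-bit block cipher offered: {suite} ({cipher}, {bits}-bit key)")
```

An empty result for the cipher string your server is configured with means none of the listed 64-bit block ciphers would be negotiated from that configuration.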